Yakir Kadkoda (@yakirkad)'s Twitter Profile
Yakir Kadkoda

@yakirkad

🧩 Director of Security Research at @AquaSecTeam | Black Hat & DEFCON & RSA Speaker

ID: 1469759292798603266

Joined 11-12-2021 20:01:47

143 Tweets

234 Followers

537 Following

Clint Gibler (@clintgibler):

📚 tl;dr sec 244 ☁️ Cloud Security Slides Nick Frichette, Seth Art, Jenko Hwong ✍️ Threat Modeling 💼 Security Program Templates Robert A. 🧑‍💼 Security Training Tips Phil Venables 🦈 TrailShark Yakir Kadkoda, Ofek Itach tldrsec.com/p/tldr-sec-244

Clint Gibler (@clintgibler):

🦈 TrailShark: Understanding AWS API and Service Interactions A plugin that connects Wireshark with AWS CloudTrail, offering near-real-time analysis of AWS API calls → Capture and examine the internal API calls triggered by AWS services → Used by Aqua Security's Ofek Itach &

Yakir Kadkoda (@yakirkad):

Our DEF CON 32 talk, "Breaching AWS Through Shadow Resources" is now live on YouTube! In this session, we present six critical vulnerabilities we uncovered in AWS services, sharing the stories and methodologies behind each one youtu.be/m9QVfYVJ7R8?t=…

Nick Frichette (@frichette_n):

Great research from Yakir Kadkoda and Ofek Itach! It’s another example of AWS client tools exposing customers to attacks. You have to be careful of global namespaces like S3 😬

Yakir Kadkoda (@yakirkad):

We discovered a security issue in AWS CDK that allows attackers to exploit missing S3 buckets for account takeovers. This highlights the importance of avoiding predictable bucket names and protecting your AWS account ID. More details here: aquasec.com/blog/aws-cdk-r… #CloudSecurity

Nick Frichette (@frichette_n):

I notice that “user action is required” to mitigate this vulnerability in an AWS product, and yet there is no security bulletin? What director or VP at AWS is making CYA job zero? aquasec.com/blog/aws-cdk-r…

AWS Security Digest (@awssecdigest):

🛎️ AWS Security Digest 181 is out! 1️⃣ AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover by Ofek Itach & Yakir Kadkoda 2️⃣ Protecting Data and Preventing Ransomware: The IAM Guide to Managing and Updating Encryption for AWS Resources by Jason Kao 3️⃣ What I’ve

Nir Chako (@c_h4ck_0):

Believe it or not, #CVE-2024-47574 started with me not wanting to be a lousy friend. Eviatar Gerzi launched #PipeViewer, and I thought, “Am I a terrible friend if I don’t try it?” So I did—and one “that’s weird” moment later, here we are! pentera.io/blog/piping-ho…

Yakir Kadkoda (@yakirkad):

Heading to Black Hat Europe 2024 in London this week? Don’t miss the Aqua Security Research Team - Team Nautilus at our Arsenal Talks, where we’ll showcase tools and techniques to uncover hidden vulnerabilities, trace system events, and analyze AWS API calls and service

Yakir Kadkoda (@yakirkad):

🚨🔥 Is Your Prometheus Setup at Risk? Our research uncovered major flaws in the Prometheus ecosystem: 💥 DoS Attacks: Over 336,000 servers vulnerable via /debug/pprof 💥 RepoJacking: Malicious code injected via abandoned exporters 💥 Sensitive Data Leaks: Exposed credentials,

Yakir Kadkoda (@yakirkad):

We discovered a way to bypass OPA Gatekeeper policies in Kubernetes due to a subtle misconfiguration - missing a trailing slash, combined with risky Rego logic. This allows attackers to bypass certain policies, leading to unauthorized image pulls in Kubernetes clusters. In our

RSA Conference (@rsaconference):

How many secrets are you exposing to attackers? Join Yakir Kadkoda & Assaf Morag of Aqua Security as they discuss how to better protect your organization’s secrets through research that uncovered overlooked secrets in the development lifecycle Learn more. spr.ly/6010LOnMp

AWS Security Digest (@awssecdigest):

AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover By Ofek Itach & Yakir Kadkoda 🚨 A single missing S3 bucket led to full AWS account takeover—here’s how. 💡 Key insights: 🏗️ AWS CDK Default Configurations: How an overlooked bucket deletion created an

Yakir Kadkoda (@yakirkad):

TL;DR: We found that default IAM roles in AWS services like SageMaker, Glue, and EMR granted overly broad permissions—such as full S3 access. These roles could be abused to escalate privileges, pivot between services, and even gain admin access. AWS has issued fixes and scoped

The Hacker News (@thehackersnews):

🚨 One default IAM role can expose your entire AWS account. Experts found overly permissive roles in AWS services like SageMaker & Glue—granting attackers wide access, including full S3 control. It’s not just misconfig—it's a silent backdoor. Details: thehackernews.com/2025/05/aws-de…

Nick Frichette (@frichette_n):

A little over a year ago I published research on how you could leverage non-production AWS API endpoints to enumerate permissions without logging to CloudTrail. A year later...I'm still finding them. Red Teamers, these can be super useful and really up your game!

Cloud Village (@cloudvillage_dc):

🎉 Excited to welcome Yakir Kadkoda to Cloud Village @DEFCON 33! 🎤 He’s presenting “The Hidden Path to Root: Shadow Resources, Roles & AWS Service Exploits” ☁️🔐 📍 Room 311, LVCC 🗓️ Aug 8 | 🕥 10:50–11:30 AM PT 🔗 cloud-village.org/dc33 #DEFCON33 #HackerSummerCamp
